Business-government ties complicate cyber security

From time to time, we like to check in with “Inside Cyber Warfare” author Jeffrey Carr to get his thoughts on the digital security landscape. These conversations often address specific threats, but with the recent release of the second edition of Carr’s book, we decided to explore some of the larger concepts shaping this space.

Are corporate and government interests in the U.S. becoming one and the same? That is, an attack on an American business’ network may be regarded as an assault on the country itself?

Jeffrey Carr: Due to the dependence of the U.S. government upon private contractors, the insecurity of one impacts the security of the other. The fact is that there are an unlimited number of ways that an attacker can compromise a person, organization or government agency due to the interdependencies and connectedness that exist between both.

Are national network security and media piracy becoming interrelated and confused?

Jeffrey Carr: It has definitely become confused to the point where the Department of Homeland Security (DHS) is now the enforcement arm of the Recording Industry Association of America (RIAA), which I find utterly disgraceful. It’s due entirely to the money and power that entertainment industry lobbyists have to wave in front of members of Congress. It has absolutely nothing to do with improving the security of our critical infrastructure or reducing the attack platform used by bad actors.

Flipping this around, how much of a cyber threat does the U.S. pose to other countries?

Jeffrey Carr: The U.S. is probably as capable or more capable at conducting cyber operations than any of the other nation states who engage in it. It’s not a question of "they do it to us, but we don’t do it to them." It’s a question of how to defend your critical assets in light of the fact that everyone is doing it.

What recent technologies concern you the most?

Jeffrey Carr: We are racing to adopt cloud computing without regard to security. In fact, many customers wrongly assume that the cloud provider is responsible for their data’s security when the reverse is true. Not only is security a major problem, but there’s no telling where in the world your data may reside since most large cloud providers have server farms scattered around the world. That, in turn, makes the data susceptible to foreign governments that have cause to request legal access to data sitting on servers inside their borders.